The present invention relates to the technical field of computer-aided information management and concerns more specifically a method and an apparatus for data processing according to the preamble to claim 1 and claim 8, respectively, for accomplishing increased protection against unauthorised processing of data.

Background Art

In the field of computer-aided information management, it is strongly required that the protection against unauthorised access of data registers be increased, especially against violation of the individual's personal integrity when setting up and keeping personal registers, i.e. registers containing information on individuals. In particular, there are regulations restricting and prohibiting the linking and matching of personal registers. Also in other fields, such as industry, defence, banking, insurance, etc, improved protection is desired against unauthorised access to the tools, databases, applications etc. that are used for administration and storing of sensitive information.

WO95/15628, which has the same owner as the present application, discloses a method for storing data, which results in increased possibilities of linking and matching with no risk of reduced integrity. The method, which is illustrated schematically in Figs 1 and 2 on the enclosed drawing sheets, concerns storing of information comprising on the one hand an identifying piece of information or original identity OID, for instance personal code numbers Pcn and, on the other hand, descriptive information DI. The information OID + DI is stored as records P in a database O-DB according to the following principle:
Step 1  OID (Pcn) is encrypted by means of a first, preferably non-reversible algorithm ALG1 to an update identity UID;

Step 2  UID is encrypted by means of a second, reversible algorithm ALG2 to a storage identity SID;

Step 3  SID and DI are stored as a record P in the database O-DB, SID serving as a record identifier;

Step 4  At predetermined times, an alteration of SID in all or selected records P is accomplished by SID of these records being decrypted by means of a decrypting algorithm ALG3 to UID, whereupon UID is encrypted by means of a modified second, reversible algorithm or ALG2' to a new storage identity SID', which is introduced as a new record identifier in the associated record P as replacement for previous SID. This results in a security-enhancing "floating" alteration of SID of the records.

For a closer description of the details and advantages of this encrypting and storing method, reference is made to WO95/15628, which is to be considered to constitute part of the present description. The storing principle according to steps 1-4 above is below referred to as PTY, which is an abbreviation of the concept PROTEGRITY which stands for "Protection and Integrity".

A detailed technical description of PTY is also supplied in the document "PROTEGRITY (ASIS) Study 2", Ver. 1.2, 1 March 1996, by Leif Jonson. Also this document is to be considered to constitute part of the present description.

In the technical field at issue, so called shell protections, however, are today the predominant method of protection. Shell protection comprises on the one hand the external security (premises) and, on the other hand, an authorisation check system ACS with user's passwords for controlling the access. ACS is used as shell protection for main frames, client/server systems and PC, but it does not give full protection and the information at issue can often relatively easily be subjected to unauthorised access. This protection has been found more and more unsatisfactory since, to an increasing extent, "sensitive" information is being stored, which must permit managing via distribution, storing and processing in dynamically changing environments, especially local distribution to personal computers. Concurrently with this development, the limits of the system will be more and more indistinct and the effect afforded by a shell protection deteriorates.

Summary of the Invention

In view of that stated above, the object of the present invention is to provide an improved method for processing information, by means of which it is possible to increase the protection against unauthorised access to sensitive information.

A special object of the invention is to provide a technique for data processing or managing, which makes it possible for the person responsible for the system, the management of the organisation etc to easily establish and continuously adapt the user's possibility of processing stored information that is to be protected.

A further object of the invention is to provide a technique for data processing which offers protection against attempts at unauthorised data processing by means of non-accepted software.

One more object of the invention is to provide a technique for data processing according to the above-mentioned objects, which can be used in combination with the above-described PTY principle, for providing a safety system with an extremely high level of protection.

These and other objects of the invention are achieved by the method according to claim 1 and the apparatus according to claim 8, preferred embodiments of the invention being stated in the dependent claims.
Thus, the invention provides a method for processing of data that is to be protected, comprising the measure of storing the data as encrypted data element values of records in a first database (O-DB), each data element value being linked to a corresponding data element type.

The inventive method is characterised by the following further measures:

storing in a second database (IAM-DB) a data element protection catalogue, which for each individual data element type contains one or more protection attributes stating processing rules for data element values, which in the first database are linked to the individual data element type,

in each user-initiated measure aiming at processing of a given data element value in the first database, initially producing a compelling calling to the data element protection catalogue for collecting the protection attribute/attributes associated with the corresponding data element type, and compellingly controlling the processing of the given data element value in conformity with the collected protection attribute/attributes.

In the present application the following definitions are used:

• "Processing" may include all kinds of measures which mean any form of reading, printing, altering, coding, moving, copying etc. of data that is to be protected by the inventive method.

• "Data element type" concerns a specific type of data having a meaning as agreed on.

• "Data element value" concerns a value which in a given record specifies a data element type.

• "Record" concerns a number of data element values which belong together and which are linked to the respective data element types, optionally also including a record identifier, by means of which the record can be identified. Example:
DATA ELEMENT TYPE

RECORD ID     SOCIAL ALLOWANCE               CAR
XXXX XXXXX    encrypted data element value   encrypted data element value
YYYY YYYYY    encrypted data element value   encrypted data element value

• "Protection attribute indicating rules of processing" may concern:

- data stored in the data element protection catalogue and providing complete information on the rule or rules applying to the processing of the corresponding data element, and/or

- data stored in the data element protection catalogue and requiring additional callings to information stored in some other place, which, optionally in combination with the protection attributes, states the processing rules involved.

• "Collection of protection attributes" may concern:

- collection of the protection attributes in the form as stored in the data element protection catalogue, and/or

- collection of data recovered from the protection attributes, for instance by decryption thereof.

• "Encryption" may concern any form of encryption, tricryption, conversion of coding of plain text data to non-interpretable (encrypted) data, and is especially to concern also methods of conversion including hashing.

The inventive method offers a new type of protection, which differs essentially from the prior-art shell protection and which works on the cell or data element level. Each data element type used in the records in the first database is thus associated with one or more protection attributes, which are stored in a separate data element protection catalogue and which protection attributes state rules of how to process the corresponding data element values. It should be particularly noted that the calling to the data element protection catalogue is compelling. This means that a system, in which the method according to the invention is implemented, is such as to imply that a user, who for instance wants to read a certain data element value in a given record in the first database, by his attempt at access to the data element value automatically and compellingly produces a system calling to the data element protection catalogue in the second database for collecting the protection attributes associated with the corresponding data element types. The continued processing procedure (reading of data element value) of the system is also controlled compellingly in accordance with the collected protection attribute/attributes applying to the corresponding data element types.

The term "data element protection catalogue" and the use thereof according to the invention must not be confused with the known term "active dictionary", which means that, in addition to an operative database, there is a special table indicating different definitions or choices for data element values in the operative database, for instance that a data element value "yellow" in terms of definition means a colour code which is within a numeric interval stated in such a reference table.

Preferably, the processing rules stated by the protection attributes are inaccessible to the user, and the read or collected protection attributes are preferably used merely internally by the system for controlling the processing. A given user, who, for instance, wants to read information stored in the database regarding a certain individual, thus need not at all be aware of the fact that certain protection attributes have been activated and resulted in certain, sensitive information for this individual being excluded from the information that is made available on e.g. a display. Each user-initiated measure aiming at processing of data element values thus involves on the one hand a compelling calling to the data element protection catalogue and, on the other hand, a continued processing which is compellingly subjected to those processing rules that are stated by the protection attributes, and this may thus be accomplished without the user obtaining information on what rules control the processing at issue, and especially without the user having any possibility of having access to the rules.

By altering, adding and removing protection attributes in the data element protection catalogue, the person responsible for the system or an equivalent person may easily determine, for each individual data element type, the processing rules applying to data element values associated with the individual data element type and thus easily maintain a high and clear safety quality in the system.

According to the invention, it is thus the individual data element (data element type) and not the entire register that becomes the controlling unit for the way in which the organisation, operator etc. responsible for the system has determined the level of quality, responsibility and safety regarding the management of information.

To obtain a high level of protection, the data element protection catalogue is preferably encrypted so as to prevent unauthorised access thereto.

As preferred protection attributes, the present invention provides the following possibilities which, however, are to be considered an incomplete exemplifying list:

1. Statement of what "strength" or "level" (for instance none, 1, 2, ...) of encryption is to be used for storing the corresponding data element values in the database. Different data element values within one and the same record may thus be encrypted with mutually different strength.
2. Statement of what "strength" or "level" (for instance none, 1, 2, ...) of encryption is to be used for the corresponding data element values if these are to be transmitted on a net.

3. Statement of program and/or versions of program that are authorised to be used for processing the corresponding data element values.

4. Statement of "owner" of the data element type. Different data element values within one and the same record can thus have different owners.

5. Statement of sorting-out rules for the corresponding data element values, for instance statement of method and time for automatic removal of the corresponding data element values from the database.

6. Statement whether automatic logging is to be made when processing the corresponding data element values.

According to a specially preferred embodiment of the invention, the above-described PTY storing method is used for encryption of all data that is to be encrypted in both the database (i.e. the data element values) and the data element protection catalogue (i.e. the protection attributes). In the normal case where each record has a record identifier (corresponding to SID above), preferably also the record identifier is protected by means of PTY. Specifically, a floating alteration of the record identifiers in both the operative database and the data element protection catalogue can be made at desired intervals and at randomly selected times, in accordance with the above-described PTY principle. In the preferred embodiment, especially the encapsulated processor which is used for the PTY encryption can also be used for implementation of the callings to the data element protection catalogue and the procedure for processing according to the collected protection attributes.

The invention will now be explained in more detail with reference to the accompanying drawings, which schematically illustrate the inventive principle implemented in an exemplifying data system.

Brief Description of the Drawings

Fig. 1 (prior art) schematically shows the principle of storing of data information according to the PTY principle in WO95/15628.

Fig. 2 (prior art) schematically shows the principle of producing floating storing identities according to the PTY principle in WO95/15628.

Fig. 3 schematically shows a computer system for implementing the method according to the invention.

Fig. 4 schematically shows the principle of data processing according to the invention with compelling callings to a data element protection catalogue.

Fig. 5 shows an example of a display image for determining of protection attributes in the data element protection catalogue.

Description of the Preferred Embodiment

In the following, the designation IAM (which stands for Information Assets Manager) will be used for the components and applications which in the embodiment are essential to the implementation of the invention.

Reference is first made to Fig. 3, which schematically illustrates a data managing system, in which the present invention is implemented and in which the following databases are included for storing information, in this example person-related information:

- An open database P-DB which contains generally accessible data, such as personal name, article name, address etc. with the personal code number Pcn as plain text as record identifier;

- An operative database O-DB, which contains data that is to be protected. Encrypted identification, in this case an encrypted personal code number, is used as record identifier (= storage identity SID). O-DB is used by authorised users for processing of individual records, such as reading and update;

- An archive-database A-DB, which contains data transferred (sorted out) from the operative database O-DB and which is used for statistic questions, but not for questions directed to individual records. The transfer from O-DB to A-DB may take place in batches.

- A database IAM-DB, which is a database essential to the implementation of the invention, contains a data element protection catalogue with protection attributes for such data element types as are associated with data element values in records in the operative database O-DB. This database IAM-DB is preferably physically separated from the other O-DB and is inaccessible to the user. However, two or more sets of the data element protection catalogue may be available: on the one hand an original version to which only an authorised IAM operator has access and, on the other hand, a copy version which imports the data element protection catalogue from the original version and which may optionally be stored on the same file storage as the operative database O-DB. The two versions may be remote from each other, for instance be located in two different cities.

WO 97/49211

The data system in Fig. 3 further comprises a hardware component 10, a control module 20 (IAM-API), and a program module 30 (PTY-API). The function of these three components will now be described in more detail.
Hardware Component 10

The hardware component 10 acts as a distributed processor of its own in a computer. It has an encapsulation that makes it completely tamper-proof, which means that monitoring by so-called trace tools will not be possible.

The hardware component 10 can as an independent unit perform at least the following functions:

- Creating variable, reversible and nonreversible encrypting algorithms for the PTY encryption and providing these algorithms with the necessary variables;

- Initiating alterations of storage identities (SID) in stored data according to PTY, on the one hand data in O-DB and, on the other hand, data in the data element protection catalogue of IAM-DB;

- Storing user authorisations having access to records in O-DB; and

- Linking original identities OID to the correct record in O-DB.

Control Module 20 (IAM-API)

The control module controls the handling of the types of data protection that the system can supply.

The control module carries out the processing requested via API (Application Program Interface) programming interface.

Program Module 30 (PTY-API)

The program module (PTY-API) 30 handles the dialogue between the application 40 involved (including ACS) and the hardware component 10. This module may further log events and control sorting out/removal of data from the operative database O-DB.

Reference is now made to Fig. 4, which illustrates the same four databases (P-DB, O-DB, A-DB, IAM-DB) as in Fig. 3 and which schematically illustrates how the processing of individual data elements is, according to the invention, controlled according to the rules that are stated by protection attributes in the data element protection catalogue, which is stored in the database IAM-DB.

The data that is to be stored concerns in this example a certain individual and contains: (1) generally accessible data such as name and address, (2) identifying information, such as personal code number (Pcn), and (3) descriptive information (DI). The generally accessible data name and address is stored together with personal code number (Pcn) in the open database P-DB, said storage being performable as plain text since this information is of the type that is generally accessible.

For storing the identifying information in combination with the descriptive information DI, the following steps will, however, be made, in which the following designations are used to describe encrypting and decrypting algorithms. Generally speaking, the encrypting and decrypting algorithms can be described as follows:

F_Type(Random number, Input data) = Results

wherein:

F designates a function.

Type indicates the type of function as follows:

    F_KIR = Non-reversible encrypting algorithm
    F_KR  = Reversible encrypting algorithm
    F_DKR = Decrypting algorithm

Random number represents one or more constants and/or variables included in the function F.

Input data are the data to be encrypted or decrypted, and

Results indicate a unique function value for a given function.
Step 1 Division of the information

Identifying information is separated from descriptive information;

Step 2 Preparation of storage identity SID:

An original identity OID is selected based on the identifying information. OID is here selected to be equal to the personal code number Pcn of the individual. OID is encrypted by means of a non-reversible encrypting algorithm ALG1, prepared randomly by the hardware component 10, to an update identity UID as follows:

ALG1: F_KIR(Random number, OID) = UID

ALG1 is such that attempts at decryption of UID to OID result in a great number of identities, which makes it impossible to link a specific UID to the corresponding OID.

Then UID is encrypted by means of a reversible algorithm ALG2, which is also produced at random by the hardware component 10, for generating a storage identity SID as follows:

ALG2: F_KR(Random number, UID) = SID

ALG2 is such that there exists a corresponding decrypting algorithm ALG3, by means of which SID can be decrypted in order to recreate UID.

The storage identity SID is used, as described in step 4 above, as encrypted record identifier when storing encrypted data element values DV in the operative database O-DB.
Step 3 Production of encrypted data element values DV

The descriptive information DI associated with the original identity OID is converted into one or more encrypted data element values DV linked to a data element type DT each.

The encryption takes place as described below with a reversible encryption function F_KR, which like the algorithms ALG1 and ALG2 above is also produced at random by the hardware component 10. The invention is distinguished by a compelling calling here being sent to the data element protection catalogue in the database IAM-DB for automatic collection of the protection attribute which is linked to the data element type at issue and which indicates "strength" or degree with which the encryption of the descriptive data is to be performed so as to generate the data element value DV.

The table, which in Fig. 4 is shown below the database IAM-DB, symbolises an exemplifying content of the data element protection catalogue, here designated DC. As an example, it may here be assumed that the protection function Func1 corresponds to "degree of encryption". If the descriptive information DI at issue is to be stored as a data element value associated with the specific data element type DT1 in the data element protection catalogue, the protection attribute "5" registered in the data element protection catalogue is collected automatically in this case. The descriptive information DI at issue will thus, automatically and compellingly, be encrypted with the strength "5" for generating an encrypted data element value DV as follows:
F_KR(Random number, DI) = encrypted data element value DV

For storing a less sensitive data element, for instance a data element of the data element type DT3, the compelling calling to the data element protection catalogue in IAM-DB would instead have resulted in the protection attribute "no" being collected, in which case no encryption would have been made on the descriptive data at issue, which then could be stored as plain text in the operative database O-DB.

Step 4 Storing of records in the operative database O-DB

The encrypted storage identity SID according to step 2 in combination with the corresponding encrypted data element value or data element values DV according step 3 are stored as a record in the operative database O-DB.

As appears from the foregoing, a stored information record P has the following general appearance:

                          Descript. information in the form
                          of encrypted data element values
Storage identity (SID)    DV1    DV2    DV3    DV4

The original identity OID is encrypted according to the PTY principle in two steps, of which the first is non-reversible and the second is reversible. Thus, it is impossible to store the descriptive information DI along with a storage identity SID that never can be linked to the original identity OID, as well as to create "floating", i.e. which change over time, storage identities SID while retaining the possibility of locating, for a specific original identity OID, the associated descriptive information DI stored.
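Steps 1-4 of the PTY principle and the floating alteration of SID, shown as an added Python example that is not code from the patent or from WO95/15628. The keyed hash used for ALG1, the HMAC-based Feistel permutation used for ALG2/ALG3, the class name and the sample values are stand-ins chosen here to show the data flow; they are not the algorithms produced by the hardware component 10 and not a vetted cipher.

```python
import hashlib
import hmac
import secrets

HALF = 16    # UID is 32 bytes; the Feistel network works on two 16-byte halves
ROUNDS = 4


def alg1(key: bytes, oid: str) -> bytes:
    """ALG1 stand-in (F_KIR): non-reversible keyed hash, OID -> UID."""
    return hmac.new(key, oid.encode(), hashlib.sha256).digest()


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Feistel round function: keyed, round-dependent, truncated to one half.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:HALF]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def alg2(key: bytes, uid: bytes) -> bytes:
    """ALG2 stand-in (F_KR): reversible keyed permutation, UID -> SID."""
    left, right = uid[:HALF], uid[HALF:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def alg3(key: bytes, sid: bytes) -> bytes:
    """ALG3 stand-in (F_DKR): inverse of alg2 under the same key, SID -> UID."""
    left, right = sid[:HALF], sid[HALF:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


class OperativeDB:
    """O-DB model: records are keyed by SID only; OID and UID are never stored."""

    def __init__(self, key1: bytes, key2: bytes):
        # In the patent these "random numbers" live in the hardware component 10.
        self._key1, self._key2 = key1, key2
        self.records = {}                      # SID -> descriptive information DI

    def _sid(self, oid: str) -> bytes:
        return alg2(self._key2, alg1(self._key1, oid))

    def store(self, oid: str, di: dict) -> bytes:
        sid = self._sid(oid)                   # steps 1-2
        self.records[sid] = di                 # step 3
        return sid

    def lookup(self, oid: str):
        return self.records.get(self._sid(oid))

    def rotate(self, new_key2: bytes) -> None:
        """Step 4: SID -> UID with ALG3, then UID -> SID' with ALG2'."""
        rotated = {}
        for sid, di in self.records.items():
            uid = alg3(self._key2, sid)
            rotated[alg2(new_key2, uid)] = di
        self.records, self._key2 = rotated, new_key2


def demo() -> dict:
    oid = "PCN-0001"                                       # constructed sample OID
    di = {"SOCIAL ALLOWANCE": "yes", "CAR": "no"}          # constructed sample DI
    db = OperativeDB(secrets.token_bytes(32), secrets.token_bytes(32))
    old_sid = db.store(oid, di)
    before = db.lookup(oid)
    db.rotate(secrets.token_bytes(32))
    return {
        "old_sid_still_present": old_sid in db.records,    # identifier has floated
        "same_record_found": db.lookup(oid) == before == di,
        "record_count": len(db.records),
    }


if __name__ == "__main__":
    print(demo())
```
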
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The descriptive data DI is stored in 
protection attributes linked to each 
ment. This results in a still higher level 
and a high degree of flexibility as to the 
rules, and continuous adaptation thereof 
tive data is allowed to be used and can be 
the data element level. 

To increase the level of protection s 
data element protection catalogue DC is pr 
ed in IAM-DB in encrypted form in accordan 
;PTY principle, in which case for instance 
ment types correspond to the above storage 
the protection attributes correspond to 
information or data element values above 
cally illustrated in Fig. 4. This 
every attempt at circumventing the data 
tion by unauthorised access and 
content of the data element protection 

In the illustrated embodiment, PTY caifi 
following functions: 

- Protecting the original identity 0ID 
form (SID) on the operative database 
known from said W095/15628), 

- Protecting information in IAM-DB, 
protection attributes of the data 
catalogue and the associated record 
Protecting descriptive information DI 
encrypted data element values DV for 
ment types that have the corresponding 
activated in the data element protect 
and in accordance with the correspond 
attributes . 



th^ 



efficiently 



el< iment 



interpreta :ion 



catalogue. 



accordance with 
data ele- 
of protection 
setting up of 
of how sensi- 
used, down to 

till more, the 
sferably stor- 
ze with the 
the data ele- 
identity and 
h descriptive 
as schemati- 
prevents 
protec- 
of the 



Functionality Protection 

In the above embodiment of the 
ting data in the operative database O-DB, 
of encryption " has so far been discussed ^s 



procedure 



thus have the 

n encrypted 
i-DB (as is 



particularly 



elenent 



the 
protection 
identifier, and 
in the form of 
i;he data ele- 
protection 
on catalogue, 
ng protection 



for input- 
cfinly "degree 
data element 
protection attribute in the data element protection catalogue DC.
However, this is only one example among a number of possible protection
attributes in the data element protection catalogue, which normally
comprises a plurality of protection attributes for each data element
type. Preferred protection attributes have been indicated above in the
general description.

A particularly interesting protection attribute is "protected
programs". The use of this data element protection attribute means that
the data system may offer a new type of protection, which is here called
"functionality protection" and which means that only accepted or
certified programs are allowed to be used and can be used in the system
in the processing of data. It should be noted that this type of
protection is still, according to the invention, on the data element
level.

Now assume for the purpose of illustration that Func2 in the data
element protection catalogue DC in Fig. 4 corresponds to this protection
attribute and that data elements of the data element type DT1 and DT2,
respectively, are only allowed to be processed with the accepted
applications or programs P1 and P2, respectively. Unauthorised handling
of the corresponding data elements by means of, for instance, a
different program P3, or a modified version P1' of P1, should be
prevented. As protection attribute in the data element protection
catalogue, data identifying P1 and P2 is therefore stored. In a
preferred example, an encryptographic check sum P1* and P2*,
respectively, is created, in a manner known per se, based on every
accepted program P1 and P2 respectively. These check sums may be
considered to constitute a unique fingerprint of the respective accepted
programs, and these fingerprints can be stored as protection attributes
in the data element protection catalogue as illustrated schematically in
Fig. 4. It should however be noted that such check sums for accepted
programs can optionally be stored in a data element protection catalogue
of their
own for registering of accepted programs, separately from the data
element protection catalogue with protection attributes for encryption
strength.

If the last-mentioned type of protection "protected programs" is used,
it should also be noted that the system, in connection with a
user-initiated measure aiming at processing of a given data element, for
instance inputting a new data element value in a record, need not carry
out a complete examination of all programs accepted in the system. If,
for instance, the user tries to use a program P3 for inputting in the
operative database O-DB a new data element value, a compelling calling
is sent to the data element protection catalogue in connection with the
corresponding data element type, for instance DT1. The associated
protection attribute P1* is then collected from the data element
protection catalogue, which means that such a data element value is only
allowed to be stored by means of the program P1. The attempt at
registering the data element value by means of the program P3 would
therefore fail.

By periodic use of the above-described functionality protection, it is
possible to reveal or prevent that an unauthorised person (for instance
a "hacker") breaks into the system by means of a non-accepted program
and modifies and/or adds descriptive data in such a manner that the
descriptive data will then be identifying for the record. The data
element values are thus not allowed to become identifying in the
database O-DB.

Traceability/logging

"Logging" or "traceability" is another type of protection which
according to the invention can be linked to a data element type in the
data element protection catalogue. If this protection is activated for a
certain data element type, each processing of the corresponding data
element values in the operative database O-DB will automatically and
compellingly result in relevant information on the processing ("user",
"date", "record", "user program" etc.) being logged in a suitable manner
so that based on the log, it is possible to investigate afterwards who
has processed the data element values at issue, when, by means of which
program etc.

Reading of Data from the Operative Database O-DB

In connection with a user-initiated measure aiming at reading/altering
data element values in the stored records in the operative database
O-DB, the following steps are carried out, which specifically also
comprise a compelling calling to the data element protection catalogue
and "unpacking" of the data which is controlled automatically and
compellingly by collected protection attributes.

Step 1 The record is identified by producing the storage identity SID at
issue based on the original identity OID (Pcn) that is associated with
the data element value DV which is to be read, as follows:

F_KR(F_KIR(OID)) = SID

Step 2 When the record has been found by means of SID, the encrypted
data element value DV (i.e. the encrypted descriptive data that is to be
read) is decrypted as follows by means of a decrypting algorithm F_DKR:

F_DKR(DV) = descriptive data (plain text)

The carrying out of this decryption of the data element value, however,
requires that the encryption-controlling protection attribute of the
data element is first collected by the system from the data element
protection catalogue DC, i.e. the
attribute indicating with which strength or at which level the data
element value DV stored in O-DB has been encrypted. Like in the above
procedure for inputting of data in O-DB, also when reading, a compelling
calling thus is sent to the data element protection catalogue DC for
collecting information which is necessary for carrying out the
processing, in this case the unpacking.

It will be appreciated that such a compelling calling to the data
element protection catalogue DC, when making an attempt at reading, may
result in the attempt failing, wholly or partly, for several reasons,
depending on the protection attribute at issue, which is linked to the
data element value/values that is/are to be read. For instance, the
attempt at reading may be interrupted owing to the user trying to use a
non-accepted program and/or not being authorised to read the term
involved.

If the data element protection catalogue is encrypted, the decoding key
can be stored in a storage position separate from the first and the
second database.

Fig. 5 shows an example of a user interface in the form of a dialogue
box, by means of which a person responsible for IAM, i.e. a person
responsible for security, may read and/or alter the protection
attributes stated in the data element protection catalogue. In the
Example in Fig. 5, the data element types "Housing allowance" and
"Social allowance" have both been provided with protection attributes
concerning encryption, sorting out, logging and owner. Moreover,
registration of authorised users and protected programs linked to the
data element type "Social allowance" has taken place in submenus.
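
The following sketch is an added illustration, not part of the patent text or of any product implementing it: it shows the compelling call to the catalogue with the "protected programs" and logging attributes for DT1 and DT2. The class and function names, the use of SHA-256 as the check sum, the constructed program images, the refusal of unknown data element types and the logging of refused attempts are all assumptions.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone

def fingerprint(program_image: bytes) -> str:
    """Check sum of a program image (the P1*, P2* of the text); SHA-256 is assumed."""
    return hashlib.sha256(program_image).hexdigest()

@dataclass(frozen=True)
class ProtectionAttributes:
    accepted_programs: frozenset  # fingerprints of the accepted programs
    logging: bool = False         # traceability attribute

class ProtectionCatalogue:
    """Hypothetical stand-in for the data element protection catalogue DC."""
    def __init__(self):
        self._by_type = {}
        self.log = []

    def register(self, data_type: str, attrs: ProtectionAttributes) -> None:
        self._by_type[data_type] = attrs

    def authorise(self, user: str, data_type: str, record: str, program_image: bytes) -> bool:
        """Compelling call made before any processing of a value of data_type."""
        attrs = self._by_type.get(data_type)
        fp = fingerprint(program_image)
        # Assumption: fail closed, an unknown data element type accepts no program.
        allowed = attrs is not None and fp in attrs.accepted_programs
        if attrs is not None and attrs.logging:
            # Assumption: refused attempts are logged as well as permitted ones.
            self.log.append({"user": user, "date": datetime.now(timezone.utc).isoformat(),
                             "record": record, "type": data_type,
                             "program": fp, "allowed": allowed})
        return allowed

# Constructed program images standing in for P1, P2, the modified P1' and P3.
P1, P2 = b"program P1, build 1", b"program P2, build 1"
P1_MODIFIED, P3 = P1 + b" (patched)", b"program P3, build 1"

def build_catalogue() -> ProtectionCatalogue:
    dc = ProtectionCatalogue()
    dc.register("DT1", ProtectionAttributes(frozenset({fingerprint(P1)}), logging=True))
    dc.register("DT2", ProtectionAttributes(frozenset({fingerprint(P2)})))
    return dc

if __name__ == "__main__":
    dc = build_catalogue()
    for name, image in [("P1", P1), ("P1'", P1_MODIFIED), ("P3", P3)]:
        print(name, "on DT1:", dc.authorise("user-a", "DT1", "SID-0001", image))
    print(len(dc.log), "log entries for DT1")
```

Because the decision depends only on the fingerprint of the calling program, a single changed byte in P1 yields a different check sum and the call is refused, which is the P1' case described above.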
CLAIMS

1. A method for processing of data that is to be protected, comprising
the measure of storing the data as encrypted data element values (DV) in
records (P) in a first database (O-DB), each data element value being
linked to a corresponding data element type (DT),
characterised by the steps of
storing in a second database (IAM-DB) a data element protection
catalogue (DC), which for each individual data element type (DT)
contains one or more protection attributes stating processing rules for
data element values (DV), which in the first database (O-DB) are linked
to the individual data element type (DT),
for each user-initiated measure aiming at processing of a given data
element value (DV) in the first database (O-DB), initially producing a
compelling calling to the data element protection catalogue for
collecting the protection attribute/attributes associated with the
corresponding data element type, and
compellingly controlling the user's processing of the given data element
value in conformity with the collected protection attribute/attributes.

2. A method as claimed in claim 1, further comprising the measure of
storing the protection attribute/attributes of the data element
protection catalogue (DC) in encrypted form in the second database
(IAM-DB) and, when collecting protection attribute/attributes from the
data element protection catalogue (DC) effecting decryption thereof.

3. A method as claimed in any one of the preceding claims, wherein each
record (P) in the first database (O-DB) has a record identifier, and
wherein the method further comprises the measure of storing the record
identifier in encrypted form (SID) in the first database (O-DB).
4. A method as claimed in any one of the preceding claims, wherein the
encryption of data in the first database (O-DB) and/or the encryption of
data in the second database (IAM-DB) is carried out in accordance with
the PTY principle with floating storage identity.

5. A method as claimed in any one of the preceding claims, wherein the
protection attribute/attributes of the data element types comprise
attributes stating rules for encryption of the corresponding data
element values in the first database (O-DB).

6. A method as claimed in any one of the preceding claims, wherein the
protection attribute/attributes of the data element types comprise
attributes stating rules for which program/programs or program versions
is/are allowed to be used for managing the corresponding data element
values in the first database (O-DB).

7. A method as claimed in any one of the preceding claims, wherein the
protection attribute/attributes of the data element values comprise
attributes stating rules for logging the corresponding data element
values in the first database (O-DB).

8. An apparatus for processing data that is to be protected, comprising
a first database (O-DB) for storing said data as encrypted data element
values (DV) in records (P), each data element value being linked to a
corresponding data element type (DT), characterised by
a second database (IAM-DB) for storing a data element protection
catalogue (DC), which for each individual data element type (DT)
contains one or more protection attributes stating processing rules for
data element values (DV), which in the first database (O-DB) are linked
to the individual data element type (DT),
means which are adapted, in each user-initiated measure aiming at
processing a given data element value (DV) in the first database (O-DB),
to initially produce a compelling calling to the data element protection
catalogue for collecting the protection attribute/attributes associated
with the corresponding data element types, and
means which are adapted to compellingly control the user's processing of
the given data element value in conformity with the collected protection
attribute/attributes.
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